Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Checker.exe


  • Please log in to reply
9 replies to this topic

#1 GalaxyX7

GalaxyX7

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 19 November 2012 - 11:36 AM

Hello folks!

I have a very annoying problem and I would greatly appreciate your help. The problem is following:

A few days ago I've noticed that my graphic card is running at 100%. Because I wasn't playing any games or running applications that would use GPU, I've opened Process Explorer and killed every process that wasn't necessary. I found that the problem was checker.exe.

I've searched through whole Google and I couldn't find a solution to my problem. Shortly after I've deleted the checker.exe and all of "his" *.dll's in the folder (my User %temp folder), but it didn't solve the situation. The checker.exe came back in about 15 minutes and I've killed it again, only with minimal success. Here's a picture of quarantined files:


I figured that I should quarantine it (picture 1):
Posted Image

but that created another problem, shown on the picture 2 below:
Posted Image

I've checked the file on Bit9 FileAdvisor and here is the result (picture 3):
Posted Image

On another forum, some folks have suggested me that I should run multiple anti-virus and anti-spyware/malware programs and here's what I did. I went to safe mode, ran ESET Smart Security 6 (full system scan), Malware bytes PRO (full system scan) and Spybot S&D 2 (full system scan) and all of these programs detected 0 threats.

I've checked in registry for any values containing checker.exe, but there weren't any. I've also checked with msconfig for unnecessary services and start-up items, but I still haven't found why checker.exe keeps executing at random times. I've submitted it to Virustotal.com and it suggested that I have some kind of BitCoin miner.

So I ran checker.exe by myself (picture 4): Posted Image
I typed URL by myself, also username and password. When I pressed enter, nothing happened.

I should aslo add that I've never installed WashAndGo or any kind of Xbox controller - Google results have shown that those programs were associated with checker.exe

The problem is that no matter what I do, checker.exe keeps comming back like a ghost. Please help me with my problem - how to get rid of it permanently!!!

Edited by GalaxyX7, 19 November 2012 - 11:40 AM.


BC AdBot (Login to Remove)

 


#2 GalaxyX7

GalaxyX7
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 19 November 2012 - 05:32 PM

Is there no-one who could help me with my problem?

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:40 AM

Posted 19 November 2012 - 10:55 PM

Do you see it in Task Manager as the process checker.exe.

Are you using Internet Explorer version?? or another browser when this happens?

When did yu install ESET 6 as this release can be the whole issue.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 lubo_bg

lubo_bg

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:40 PM

Posted 22 November 2012 - 05:06 AM

I've got the exact same virus from 2 days ago. Don't know where I got it from. It also starts writing 10 "q" letters each 2-3 seconds like about 5-6 times and stops again. My GPU also goes max sometimes. Any fix for this? I scanned with Eset Smart Security 5 but no luck.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:40 AM

Posted 22 November 2012 - 01:09 PM

It appears that you both should repost as we should get a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Yengas

Yengas

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 22 November 2012 - 03:00 PM

Hello guys. I'm having the same problem and couldn't find a proper way to handle it. I found a solution by myself but i don't think that it's a proper way to handle it. First go to Local/Temp and found the folder which holds checker.exe, clear the folder. Get back to Local/Temp and click to the folder, go to properties, select the Security Tab and disable all the permissions. Since the Virus can't found and start the Checker.exe, it will try to re-create it but it wouldn't be able to. This is a quick way to get rid of this problem. But i guess we need to find and clear the virus which creates the checker.exe to be sure that we handled with it :\.

#7 lubo_bg

lubo_bg

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:40 PM

Posted 23 November 2012 - 01:12 PM

Ok dealt with it using AVG antivirus. It found above 20 viruses in my app data and users folder. Since then I haven't encountered checker.exe

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:40 AM

Posted 23 November 2012 - 02:06 PM

You should also run this then.


Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.


  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the

    contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 CyberLSB

CyberLSB

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 02 January 2013 - 06:26 PM

After a bit of reading logs and searching on Google, I've found out the following:

In the crash report it says the programm would load libblkmaker_jansson-0.1-0, a tool for mining bitcoins (this would explain the high gpu load)

But I've also found this

In my case, the Trojan has dropped a file called msess.exe in a random directory in %appdata%, this file was running.

The Trojan also added an entry in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, called "Integrated Driver"

So, I did the following: Delete the Registry key and the file in AppData (Kill the process first). Then do a normal Virus Scan.

#10 bookman222

bookman222

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:40 PM

Posted 08 January 2017 - 05:08 AM

Checker.exe is also a file from Advanced Uninstaller by Innovative Solutions (in Windows 7, found in ProgramFiles (x86) and is 1.56MB in size.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users